(54) Secure apparatus and method for printing value with a value printer



(57) A system and method of printing value such as postage using a value meter (10) connectable to communicate with a host terminal (12) which includes a printer (24). The postage meter (10), sometimes referred to as a vault, includes a processor (14) and storage (16), and the host terminal includes a processor (22) and storage (30). The printer (24) is provided with a secure non-volatile random access storage (30) and a processor (28), and a key is stored in the non-volatile random access storage (30). The key is changed for every print cycle, so that it is impossible to print unauthorized postage on the basis of possession of the key used to print the last postage. A change of key is effected by reading the key from the non-volatile random access storage (30) in the printer (24) and changing the key, such as by a pseudo-random number generator, to provide a second key. The second key is stored in the non-volatile random access storage (30) and then encrypted by an encryption scheme known to an authorized postage meter. The encrypted second key is transmitted to an authorized postage meter wherein it is decrypted pursuant to the decryption scheme known to the authorized postage meter. Print data may be securely transmitted to the host (12) and printer (24) by using the decrypted second key to convert the data to be printed. This is then sent to the printer where it is deconverted using the second key to recover the data to be printed.
Description

This invention relates to an apparatus and method for securely printing indicia, e.g. text and variable graphics information. The invention is applicable to such an apparatus and method wherein security is provided through cryptography.

U.S. Patents Nos. 4,802,218 and 4,864,618, issued January 31, 1989 and September 5, 1989, to Christopher B. Wright et al., describe an automated transaction system, such as a postage transaction system, in which a postage account is maintained with a microprocessor card which is used in transactions with postage printing and metering terminals. The patents particularly address security and provide for a secure handshake recognition procedure to be mutually executed between the card and the terminal so that they each recognize the other as authorized to execute a transaction.

Fig. 1 of the Wright et al. patents illustrates a postage metering terminal wherein a microprocessor card 10 is inserted in a slot 11 of the automated transaction terminal 20. The card completes multiple contacts with the terminal and a trip switch indicating full insertion triggers a start signal. The start signal is sent to an operations microprocessor or terminal MPU 30. The terminal MPU 30 controls the interface with the card and the operation of the various parts of the terminal, including the printer 40 which is the value dispensing section of the terminal. A power source Vo is provided by a battery or the like to power the various parts of the terminal.

The printer 40 contains a microprocessor unit (printer MPU) 41 which controls the operation of the printhead 42. The MPU 41 executes an internal program (FIRMWARE), as does the card microprocessor, so that it cannot be tampered with from the outside. The printer MPU's internal program includes unique encryption algorithms parallel to those stored in the card's microprocessor. These are installed by the manufacturer so that the printer MPU can execute a secure handshake recognition procedure with the card's microprocessor to authorize a requested transaction. The MPU 41 is formed integrally with the printhead 42, such as by embedding in epoxy or the like, so that it cannot be physically accessed without destroying the printhead. Thus the printhead 42 of the postage metering terminal 20 can only be operated through the MPU 41, and will print a postmark only when the handshake recognition procedure and a postmark print command have been executed between the card MPU and the printer MPU 41.

The handshake operation of the Wright et al. patents operates as follows. The card MPU 60 initiates the handshake procedure upon receipt of the commence signal. Upon verifying that the requested transaction is authorized, the card MPU encrypts an object number N, which may be a randomly generated number, with a key number k1 (which may be the printer's PIN) stored in the secret zone of its memory by a first encryption algorithm E1 and sends the resultant word W1 through the handshake channel 61 of terminal MPU 30 to the printer MPU 41.

Upon receipt of the word W1, the printer MPU 41 decodes the number using the same number k1 by the inverse algorithm E1⁻¹. The number k1 may be a secret key number stored in the printer MPU's memory at the time of validation, or, in an open system, it may be the PIN entered by the user on the terminal, or a combination of both. The printer MPU 41 then encrypts the decoded number with the number k1 by a second encryption algorithm E2 to send a second word W2 back to the card MPU 60.

Upon receipt of the word W2, the card MPU 60 decodes the number again using the key number k1 by the inverse of the second algorithm, E2⁻¹, and compares the decoded number with the number it used in the first transmission. If the numbers match, the handshake procedure has been successfully completed, and the card and printer MPUs have recognized each other as authorized to execute the requested transaction.

While this handshaking protocol provides some added security, in operation it always produces the same action in response to the same input signal. Further, the printhead in the Wright et al. patents does not include hardware for storing data during periods when the power is off. The printer 40 itself is not secure. An indicia printed with the printhead of the Wright et al. arrangement can be reprinted any number of times by reproducing the electrical signal used for the first legitimate print.

It is accordingly a primary object of the present invention to provide an improved postal mailing system which may be recharged with postal funds in a secure manner so that images cannot be controlled by unauthorized users.

It is also an object of the invention to provide such a postal mailing system through the use of a secure dot addressable or the like printer.

The foregoing disadvantages of the postal mailing systems of the prior art may be overcome and the aforementioned objectives may be achieved in accordance with the invention by communication with a dot addressable or the like printhead secured by an encryption arrangement. The printhead includes a secure non-volatile static random access memory (NOVRAM) in addition to a secure application specific purpose microprocessor chip. The NOVRAM is sometimes hereinafter referred to as non-volatile memory or NVM, and the specific purpose microprocessor is sometimes hereinafter referred to as an ASIC or application specific integrated circuit. According to the invention a key is changed each print cycle and stored in the NOVRAM or NVM even during times when the power is off. This access key changes for each print cycle. Thus, an unauthorized user who learns the key used for the last print cycle is unable to print an image and cannot reprint an image by reproducing the electrical signals used to print the original image.
According to the invention a printer microprocessor unit and non-volatile static random access memory are mounted in secure fashion within the printhead. During each print cycle a number R is read from the non-volatile static random access memory (NOVRAM) in the printhead. The value of R is changed using a pseudo-random number generator and the new value is stored in the NOVRAM. The number R is encrypted using the public key of a public key encryption scheme to produce a number N. The encrypted number N is sent to the user. An authorized user has the private key for the encryption scheme and calculates R. The user takes the data that is to be printed and performs an exclusive-or operation with the binary expansion of the number R. After the exclusive-or operation the converted data is sent to the printer. The printhead takes the input converted data and again applies the exclusive-or operation to reproduce the original print data, and this is printed. A significant improvement in security is provided by this use of a changing key stored in non-volatile printhead memory that allows the printhead to be accessed only by authorized users.

Embodiments of the invention will now be described with reference to the drawings, in which:

Fig. 1 is a simplified block diagram of a mailing system which may be utilized with embodiments of the invention;

Fig. 2 presents in tabular form the name, description and source of symbols, keys and other protocol data referred to in the description of secure printing according to an embodiment of the invention;

Fig. 3 is a simplified flow diagram illustrating commencement of initialization of the installation according to an embodiment of the invention;

Fig. 4 is a simplified flow diagram illustrating the graphics signing at the factory;

Fig. 5 is a simplified flowchart illustrating the initialization of the printhead graphics;

Fig. 6 is a simplified flowchart illustrating the initialization of a session;

Fig. 7 shows in simplified flowchart form a request indicia procedure;

Fig. 8 is a simplified flowchart illustration of the printing of a report procedure;

Fig. 9 sets forth in tabular form an explanation of the protocol used;

Fig. 10 illustrates in tabular form the protocol for signing of the graphics; and

Fig. 11 illustrates in tabular form the initialization of a session according to an embodiment of the invention.

The invention is described in further detail in the context of a postage meter; however, other types of meters may be used. Such meters include parcel service meters, tax stamp meters, check writing meters, ticket imprinters, and other similar devices.

Fig. 1 shows in a simplified block diagram a form of mailing system which may be utilized with embodiments of the invention. The mailing system may comprise a postal meter 10 which is herein referred to as an electronic vault or as a vault. The vault is in communication with a host 12 in a conventional fashion. It will be understood that the vault may take many forms, including the form of a card such as described in the Wright et al. U.S. Patents Nos. 4,802,218 and 4,864,618, referenced hereinabove. The vault may also constitute a module of more substantial size coupled to the host, such as described, for example, in U.S. Patent No. 4,858,138, issued August 15, 1989, to Paul G. Talmadge and assigned to the assignee of the instant application. The vault includes a microprocessor (MPU) 14 which is coupled to a non-volatile memory (NVM) 16 through security logic 18. An indicia read only memory (ROM) 20, in which the particular printing indicia is stored, is also coupled to the microprocessor 14 through the security logic 18.

The host 12 includes an operations microprocessor (MPU) 22 and the printhead housing 24. The operations microprocessor 22 provides intelligence to allow for communication back and forth to vault microprocessor 14 via interface 26 to initiate printing when the proper information is exchanged. A keyboard (not shown) in the host 12 may be provided to send information representing the postage amount to the operations microprocessor 22. The printhead housing 24 is manufactured as a secure housing, and includes an operation specific printer microprocessor 28, NOVRAM 30, and printing mechanism or printhead 32 for printing indicia on a mail piece or the like 34. In a preferred embodiment the printing mechanism, NOVRAM and microprocessor constitute an integral unit.

A printhead number (Nph) is stored in the printhead NOVRAM 30 to impart a unique character to the specific printhead. Also stored in the NOVRAM 30 is a printhead seed R which is used by the printhead cryptographic pseudo-random number generator to generate nonces. The NOVRAM 30 also has stored therein in encrypted form the printhead key Kph, which is the key used by the printhead and vault to generate the session key. The printhead key Kph is stored in the NOVRAM encrypted with the printhead security key Ka. The graphics key Kg, which is the key used by the manufacturer and printhead to secure graphics and other printhead data, is also stored in the NOVRAM encrypted with Ka. The printhead security key Ka is itself stored in the printhead ASIC. The printhead master key Kphm is stored securely in the vault. This key is used by the vault to calculate the printhead key from the printhead number. The vault security key Kv is stored in the vault ASIC. This key is used by the vault ASIC to encrypt secret information stored in NVM.

For convenience of reference the foregoing symbols are presented in tabular form in Fig. 2 showing the symbol name, description and source. The abbreviated form NVM is used for NOVRAM in the Fig. 2 table. Fig. 2 also identifies the session nonce Ns, vault nonce Nv, indicia nonce Ni and session key Ks. The session nonce Ns is generated by the printhead with the printhead seed R and the printhead key Kph to assure session freshness. The vault nonce Nv is a pseudo-random number generated in the vault to assure that the printhead is present at the beginning of a session. The indicia nonce Ni is a nonce generated with R and Kph by the printhead to ensure indicia freshness. The session key Ks is the key used by the printhead and vault to communicate during one session. The session key is generated from Ns and Kph. The printhead key is good for initializing sessions with the vault. The graphics key is good for authenticating graphics from the vendor.

In an alternate embodiment, the number R is read from the NOVRAM 30 and the value of R is changed using a pseudo-random number generator, and the new value is stored in NOVRAM 30. The number R is encrypted using the public key K_public of a public key encryption scheme to produce a number N=f(R,K_public). The encrypted number N is sent to the user. An authorized user has the private key K_private for this encryption scheme. The user calculates R=f⁻¹(N,K_private). The user takes the data that is to be printed and performs an exclusive-or operation with the binary expansion of the number R. R may typically contain 1,000 bits and the print data may require multiple copies of R to convert all of the data. After the exclusive-or operation the converted data is sent to the printer. The following is an exemplary illustration of the process:

Assume that R is only eight binary digits long and that 24 bits of print data are required.

Assume that the original value of R is 01101111. The printhead microprocessor applies a random number generator and stores a new value 10011101.

The printhead microprocessor encrypts this number to obtain f(R,K_public)=00011101 and sends this number to the user.

The user calculates f⁻¹(00011101, K_private)=10011101.

To print the data the user performs an exclusive-or operation with R and sends the data to the printhead:

10011101, 10011101, 10011101
R repeated enough times to cover the data.
00000111, 01110001, 11110000
Print data.
10011010, 11101100, 01101101
Converted print data.

The printhead takes the input converted data and again applies the exclusive-or operation to reproduce the original print data:

10011010, 11101100, 01101101
Converted print data.
10011101, 10011101, 10011101
R repeated enough times to cover the data.
00000111, 01110001, 11110000
Data used to print is the same as the original print data.
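The print cycle just illustrated, carried out in code as an added example that is not part of the patent: a printhead object holds R in a field standing in for the NOVRAM, advances it with an 8-bit maximal-length LFSR as the pseudo-random number generator (the patent does not name a generator, so this is an assumption), encrypts R with textbook RSA on toy parameters as the stand-in for f(R, K_public) (also an assumption, and far too small to be secure, so the ciphertext differs from the illustrative 00011101 above), and converts print data by exclusive-or with R repeated. `page_example` reproduces the 24-bit worked example with R = 10011101, and `replay_demo` shows why reproducing the electrical signal of a legitimate print fails once the key has changed.

```python
"""Print-cycle key change and XOR conversion (added illustration, not the patent's code)."""

# Constructed textbook-RSA parameters (p=61, q=53); far too small to be secure,
# used only so the f / f^-1 step of the page is runnable offline.
TOY_PUBLIC = (3233, 17)       # (n, e) = K_public
TOY_PRIVATE = (3233, 2753)    # (n, d) = K_private


def rsa_apply(value: int, key: tuple) -> int:
    """f(value, key) = value^k mod n; with the matching key it acts as f^-1."""
    n, k = key
    return pow(value, k, n)


def lfsr_step(state: int) -> int:
    """One step of an 8-bit maximal-length Fibonacci LFSR (taps 8,6,5,4).
    Assumed stand-in for the printhead's pseudo-random number generator:
    for a non-zero state every step yields a different 8-bit value."""
    feedback = ((state >> 7) ^ (state >> 5) ^ (state >> 4) ^ (state >> 3)) & 1
    return ((state << 1) | feedback) & 0xFF


def convert(data_bits: str, r: int, r_bits: int) -> str:
    """Exclusive-or of a bit string with R repeated enough times to cover it.
    Applying it twice with the same R recovers the original data."""
    key = format(r, f"0{r_bits}b")
    stream = (key * (len(data_bits) // r_bits + 1))[:len(data_bits)]
    return "".join("1" if a != b else "0" for a, b in zip(data_bits, stream))


class Printhead:
    """Secure printhead: R lives in NOVRAM, so it survives power-off."""

    R_BITS = 8

    def __init__(self, seed_r: int):
        self.novram_r = seed_r

    def begin_print_cycle(self) -> int:
        """Read R, replace it with the next PRNG value, and return N = f(R, K_public)."""
        self.novram_r = lfsr_step(self.novram_r)
        return rsa_apply(self.novram_r, TOY_PUBLIC)

    def print_converted(self, converted_bits: str) -> str:
        """Deconvert with the R currently in NOVRAM; the result is what gets printed."""
        return convert(converted_bits, self.novram_r, self.R_BITS)


def user_convert(n_from_printhead: int, print_bits: str) -> str:
    """Authorized user: recover R with K_private and convert the print data."""
    r = rsa_apply(n_from_printhead, TOY_PRIVATE)
    return convert(print_bits, r, Printhead.R_BITS)


PAGE_PRINT_DATA = "00000111" "01110001" "11110000"   # the 24 bits of the worked example


def page_example() -> tuple:
    """The worked example: R = 10011101, 24 bits of print data."""
    r = 0b10011101
    converted = convert(PAGE_PRINT_DATA, r, 8)
    recovered = convert(converted, r, 8)       # the printhead's second exclusive-or
    return converted, recovered


def replay_demo() -> tuple:
    """Legitimate print, then the same electrical signal replayed after the key changed."""
    ph = Printhead(seed_r=0b01101111)
    n1 = ph.begin_print_cycle()
    signal = user_convert(n1, PAGE_PRINT_DATA)   # what travels to the printhead
    first_print = ph.print_converted(signal)
    ph.begin_print_cycle()                       # next cycle: R changes in NOVRAM
    replayed_print = ph.print_converted(signal)  # the captured signal is sent again
    return first_print == PAGE_PRINT_DATA, replayed_print == PAGE_PRINT_DATA


if __name__ == "__main__":
    print(page_example())   # ('100110101110110001101101', '000001110111000111110000')
    print(replay_demo())    # (True, False)
```

The replayed signal decodes to the original data exclusive-or'd with the difference of the two keys, which is why a maximal-length generator (one that never returns the same R on consecutive steps) matters: with R unchanged the second print would succeed.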

It will be apparent to those skilled in the art that other schemes may be used to encrypt the communication and to convert the print data. The important feature is that the system uses a changing key stored in non-volatile secure printhead memory that allows the printhead to be accessed only by authorized users.

A typical initialization of the system for a printing operation is now described in conjunction with a series of flow diagrams commencing with the simplified flow diagram of Fig. 3. Referring to that figure, the printhead security key Ka is installed in the printhead ASIC at 36. This universal key secures data external to the printhead ASIC. The vault security key Kv is installed in the vault ASIC at 38. This universal key secures data external to the vault ASIC and requires an update to the ASIC. At 40 the printhead number Nph is installed in NVM in the printhead. Each printhead should have a unique number to initialize it. This is required in order that the software random number generators on different printheads produce different numbers.

The encrypted printhead key {Kph}Ka is installed in NVM at 42. The printhead key is derived by the vault from the printhead number using the printhead master key. The printhead needs the printhead key encrypted with the printhead security key. This separation ensures that an attacker who opens and deciphers everything in one printhead will not possess sufficient information to use a second or other printheads.

At 44 the encrypted graphics key {Kg}Ka is installed in NVM. This is a universal key that secures the graphics. It is not built in the ASIC in order to provide the option of changing the key in the future.

At 46 the printhead master key Kphm is installed in the vault. This is a universal key used by the vault to communicate with printheads. The vault believes that the printhead master key is good for deriving the printhead key from the printhead number.
The graphics signing at the factory is illustrated in the flowchart of Fig. 4. Referring to that figure, graphics are signed at the factory with the graphics key at 48. The vendor should be able to rely on the graphics key as a good key for authenticating graphics to the printhead and have reasonable assurance that the printhead is protected from producing counterfeit images by the graphics key. Two practical methods are available for signing graphics. In one method a message authentication code is generated by chaining DES encryptions. In an alternate method a CRC is generated with a secret polynomial and the polynomial is encrypted. Chaining DES encryptions is commonly used in financial applications to assure message integrity. A label can be attached to the graphics indicating the type of image, and the label and graphics signed together. The indicia graphics are signed at 50. The indicia graphics include information about the location of fields so that attackers cannot permute characters in the indicia. The slogan graphics are signed at 52 and the font graphics signed at 54. The font graphics label includes the ASCII character represented. The permit graphics are signed at 56.

The initialization of the printhead graphics is illustrated in Fig. 5. Referring to Fig. 5, the printhead graphics are initialized with the graphics key at 58. The graphics key is decrypted with the printhead security key at 60 and the indicia graphics are loaded and verified at 62. The graphics are loaded into the printhead NOVRAM. They are cryptographically verified each time they are loaded and a bit is set that indicates acceptance of the signature of the graphics. The ad slogan graphics are loaded at 64 and a bit set that indicates acceptance of the signature of those graphics. The font graphics are loaded and verified at 66 and a bit set that indicates acceptance of the signature of those graphics. At 68 the permit graphics are loaded and verified and a bit set that indicates acceptance of the graphics signature.
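Signing and loading graphics as described for Figs. 4 and 5, written here as an added example rather than code from the patent: the label and image are signed together under the graphics key Kg, each load re-verifies the signature, and the acceptance bit for that image type is cleared before verification and set only on success. HMAC-SHA256 stands in for the chained-DES message authentication code (an assumption; the patent also allows a CRC with a secret polynomial), and the two-byte length prefix on the label is an added detail so that bytes cannot be shifted between label and image.

```python
"""Graphics signing at the factory and verified loading into printhead NOVRAM
(added illustration, not the patent's code)."""
import hashlib
import hmac

GRAPHIC_TYPES = ("indicia", "slogan", "font", "permit")


def sign_graphic(kg: bytes, label: bytes, image: bytes) -> bytes:
    """[label, image]Kg: one MAC over the label and the image together.
    HMAC-SHA256 is the assumed stand-in for a chained-DES MAC; the length
    prefix fixes where the label ends and the image begins."""
    return hmac.new(kg, len(label).to_bytes(2, "big") + label + image,
                    hashlib.sha256).digest()


class PrintheadGraphics:
    """Graphics store with one acceptance bit per image type (Fig. 5)."""

    def __init__(self, kg: bytes):
        # In the device Kg sits in NOVRAM encrypted under Ka and is decrypted
        # with the printhead security key before use (box 60); modelled as a field.
        self._kg = kg
        self.novram = {}
        self.accepted = {t: False for t in GRAPHIC_TYPES}

    def load(self, gtype: str, label: bytes, image: bytes, signature: bytes) -> bool:
        """Store the image, then verify it. The bit is cleared first and set only
        after verification, so an image left behind by a power-down is never usable."""
        if gtype not in GRAPHIC_TYPES:
            raise ValueError(f"unknown graphic type {gtype!r}")
        self.accepted[gtype] = False
        self.novram[gtype] = (label, image)
        expected = sign_graphic(self._kg, label, image)
        self.accepted[gtype] = hmac.compare_digest(signature, expected)
        return self.accepted[gtype]

    def usable(self, gtype: str) -> bool:
        """Only an image whose signature was accepted may be printed."""
        return self.accepted.get(gtype, False) and gtype in self.novram


def demo() -> dict:
    """Constructed sample: a signed 'A' font glyph, then two tampered loads."""
    kg = b"constructed-graphics-key-Kg"
    store = PrintheadGraphics(kg)
    label = b"font:A"                                     # font label names the ASCII character
    image = bytes([0x18, 0x24, 0x42, 0x7E, 0x42, 0x42])   # constructed 6-row bitmap
    sig = sign_graphic(kg, label, image)
    results = {"genuine": store.load("font", label, image, sig)}
    # Tampered bitmap under the genuine signature: rejected, bit stays cleared.
    results["bogus_image"] = store.load("font", label, bytes(6), sig)
    # Genuine bitmap re-labelled as another character: rejected, because label
    # and image were signed together.
    results["relabelled"] = store.load("font", b"font:B", image, sig)
    results["usable_after_tamper"] = store.usable("font")
    # Reloading the genuine pair restores acceptance.
    results["restored"] = store.load("font", label, image, sig)
    return results
```

Because the bit is cleared before the new image is written and set only once the MAC verifies, the order of operations is what protects against the power-down attack the description mentions: a half-finished load leaves NOVRAM with an image but no acceptance.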

The initialization of a session is illustrated in simplified flowchart form in Fig. 6. The printhead believes that the session key is authentic for communicating with the vault and believes that the vault "meter number" is also authentic. The vault believes that the session key is good for communicating with the printhead.

At 70 the printhead key is decrypted with the printhead security key. The printhead outputs a number and session nonce at 72. The printhead calculates the session key from the printhead key and nonce at 74, and the vault generates the printhead key from Nph with the printhead master key at 76. At 78 the vault calculates the session key from the printhead key and nonce. At 80 the vault sends the meter number, session nonce (and vault nonce) encrypted with the session key. The vault nonce authenticates the printhead to the vault. This assures the vault that the data it is sending is in fact going to a printhead. The printhead verifies the session nonce, saves the meter number and outputs the vault nonce at 82. The vault verifies the vault nonce at 84.

Fig. 7 shows in simplified flowchart form a request indicia print procedure. The printhead believes that the vault believes the "indicia number, piece count, postage." At 86 the printhead outputs the indicia nonce. The printhead seed is updated after each nonce. The vault encrypts the piece count, postage, (date) and indicia nonce with the session key at 88. At 90 the printhead decrypts the piece count, postage, and indicia nonce.

The printing of a report procedure is illustrated in flowchart form in Fig. 8. The printhead believes that the vault believes the report and that the image represents the report. The verifier believes the vault articulated the report. At 92 the printhead sends the report nonce. The printhead and vault derive the session key at 94 and the vault encrypts the numerical data in the report at 96. The printhead verifies the font data in the report at 98 and indicates it needs a signed "format" for the report at 100.

The protocol is set forth in tabular form in Fig. 9. The principals in the protocol are V - vault, P - printhead, and M - manufacturer. The notation for encryption is that {M}K is the message M encrypted with the key K. The notation for signing is that [M]K is the message M signed with the key K. The printhead key is encrypted in NVM in a way that the printhead does not know the map from the printhead number to the printhead key. The steps indicated and described in Fig. 9 are performed under the security of the manufacturing process.

The protocol for the signing of the graphics is illustrated in tabular form in Fig. 10. When the printhead graphics are initialized at the customer site the required messages from 7-11 in Fig. 10 are sent to the printhead, verified and installed. The channel need not be particularly secure. An ad slogan could be used, if desired. The images should be reasonably well scrambled, in a way that the customer cannot easily reverse the scrambling. As each graphic image is verified a bit is set to indicate that that image is accepted. This prevents attacks where bogus images are loaded and the printhead is powered down before it clears the data. The printhead is now initialized. A session is initialized as shown in tabular form in Fig. 11.

In step 12, the printhead generates a new nonce Ns for the session. The printhead calculates the session key Ks from the nonce by decrypting Kph from NVM and encrypting Ns. The vault calculates Ks by encrypting Nph with Kphm. At step 13 the vault sends Nv encrypted to provide assurance that the printhead is present. The printhead verifies the encrypted Ns to verify that the vault is valid. The indicia serial number is sent at this point to avoid having to send it for each indicia. The printhead decrypts the message and verifies Ns. At step 14 the vault verifies the printhead retrieved Nv to authenticate the printhead. The vault and printhead are now ready to print indicia and the session is now initialized. At step 15, for each indicia the printhead generates a nonce to assure that the indicia is fresh. At step 16 the vault prepares a message with the indicia information and the indicia nonce, encrypts it, and sends it to the printhead. The printhead verifies the indicia nonce is encrypted, loads the data into the image, and prints the indicia.
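Steps 12 to 16, together with the derivation of Kph from Nph and Kphm that Fig. 3 places at the factory (box 42) and Fig. 6 at the vault (box 76), run end to end as an added example that is not the patent's code. HMAC-SHA256 stands in for the DES-based "encrypt X with K" derivations, and `seal`/`open_` are a constructed encrypt-and-MAC stand-in for the {M}K notation; both are assumptions, as are the 8-byte nonce and field sizes and the constructed key values. Both sides arrive at the same Ks without Kph leaving the printhead, the vault accepts the session only when Nv comes back, and an indicia message replayed after its nonce has been consumed is refused.

```python
"""Session initialization and indicia request, printhead (P) and vault (V)
(added illustration, not the patent's code)."""
import hashlib
import hmac
import os


def kdf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """Stand-in (assumption) for the page's 'encrypt X with K' key derivations."""
    return hmac.new(key, label + b"|" + b"|".join(parts), hashlib.sha256).digest()


def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    out, i = b"", 0
    while len(out) < n:
        out += hmac.new(key, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
        i += 1
    return out[:n]


def seal(key: bytes, msg: bytes) -> bytes:
    """{M}K stand-in: random IV, HMAC keystream XOR, HMAC tag over IV and ciphertext."""
    iv = os.urandom(8)
    ct = bytes(m ^ k for m, k in zip(msg, _keystream(key, iv, len(msg))))
    return iv + ct + hmac.new(key, iv + ct, hashlib.sha256).digest()[:16]


def open_(key: bytes, blob: bytes) -> bytes:
    """Inverse of seal; raises if the tag does not verify under this key."""
    iv, ct, tag = blob[:8], blob[8:-16], blob[-16:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + ct, hashlib.sha256).digest()[:16]):
        raise ValueError("message not authentic under this key")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, iv, len(ct))))


class Printhead:
    def __init__(self, nph: bytes, kph: bytes, seed: bytes):
        self.nph, self._kph, self._seed = nph, kph, seed   # NOVRAM contents
        self.ks = self.ns = self.meter_number = self.pending_ni = None
        self.printed = []

    def _nonce(self) -> bytes:
        nonce = kdf(self._kph, b"nonce", self._seed)[:8]   # nonce from seed R and Kph
        self._seed = kdf(self._kph, b"seed", self._seed)   # seed updated after every nonce
        return nonce

    def start_session(self) -> tuple:                # step 12, boxes 72-74
        self.ns = self._nonce()
        self.ks = kdf(self._kph, b"ks", self.ns)
        return self.nph, self.ns

    def accept_session(self, blob: bytes) -> bytes:  # step 13, box 82
        msg = open_(self.ks, blob)
        meter, ns, nv = msg[:8], msg[8:16], msg[16:24]
        if not hmac.compare_digest(ns, self.ns):
            raise ValueError("session nonce mismatch: vault not authentic")
        self.meter_number = meter
        return nv                                      # handed back to the vault

    def request_indicia(self) -> bytes:              # step 15, box 86
        self.pending_ni = self._nonce()
        return self.pending_ni

    def print_indicia(self, blob: bytes) -> bool:    # step 16, box 90
        msg = open_(self.ks, blob)
        piece, postage, ni = msg[:4], msg[4:8], msg[8:16]
        if self.pending_ni is None or not hmac.compare_digest(ni, self.pending_ni):
            return False                               # stale or replayed: do not print
        self.pending_ni = None                         # one nonce, one indicia
        self.printed.append((int.from_bytes(piece, "big"), int.from_bytes(postage, "big")))
        return True


class Vault:
    def __init__(self, kphm: bytes, meter_number: bytes):
        self._kphm, self.meter_number = kphm, meter_number
        self.ks = self.nv = None
        self.piece_count = 0

    def open_session(self, nph: bytes, ns: bytes) -> bytes:  # boxes 76-80
        kph = kdf(self._kphm, b"kph", nph)                    # Kph from Nph and Kphm
        self.ks = kdf(kph, b"ks", ns)
        self.nv = os.urandom(8)
        return seal(self.ks, self.meter_number + ns + self.nv)

    def verify_printhead(self, nv: bytes) -> bool:           # step 14, box 84
        return hmac.compare_digest(nv, self.nv)

    def issue_indicia(self, postage_cents: int, ni: bytes) -> bytes:  # box 88
        self.piece_count += 1
        return seal(self.ks, self.piece_count.to_bytes(4, "big")
                    + postage_cents.to_bytes(4, "big") + ni)


def run_session() -> dict:
    """Constructed keys and numbers; returns the checks of steps 12-16."""
    kphm, nph = b"constructed-master-key-Kphm", b"PH000001"
    kph = kdf(kphm, b"kph", nph)                       # installed at the factory, box 42
    ph = Printhead(nph, kph, seed=b"constructed-seed-R")
    vault = Vault(kphm, meter_number=b"MTR00042")
    nph_out, ns = ph.start_session()
    nv = ph.accept_session(vault.open_session(nph_out, ns))
    indicia = vault.issue_indicia(2900, ph.request_indicia())
    return {"session_ok": vault.verify_printhead(nv),
            "printed": ph.print_indicia(indicia),
            "replay_rejected": not ph.print_indicia(indicia),
            "meter": ph.meter_number, "printed_list": ph.printed}
```

The vault never learns the printhead's seed and the printhead never learns Kphm; a printhead that was opened and read out yields only its own Kph, which matches the separation the description claims for box 42.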

It will be readily seen by one of ordinary skill in the art that the present invention fulfills all of the objects set forth above. After reading the foregoing specification, one of ordinary skill will be able to effect various changes, substitutions of equivalents and various other aspects of the invention as broadly disclosed herein. It is therefore intended that the protection granted hereon be limited only by the definition contained in the appended claims and equivalents thereof.
Claims 

1. In a value printing system comprising a value meter device (10) connectable to communicate with a host device (12) which includes a printer device (24) for printing value indicia pursuant to signals from said value meter device (10), said value meter device including a processor (14) and storage (16), and said host device (12) including a processor (22) and storage (30), a method comprising the steps of:

providing in said printer device (24) a secure non-volatile random access storage (30) connected to a processor (28);
storing a key in said printer device non-volatile random access storage (30);
initiating a print cycle of said printer device (24) to print value indicia including print data transmitted by said value metering device (10) to said printing device (24) following mutual authentication of said key by said value meter device (10) and said printer device (24) and authentication of said print data by said printer device;
printing said indicia including said print data and terminating said print cycle; and
changing said key in said printer device non-volatile random access storage (30) before initiating another print cycle.

2. A method according to Claim 1, wherein said changing of said key and said authentication includes the steps of:

reading said key from said non-volatile random access storage (30) in said printer device (24);
changing said key to provide a second key;
storing said second key in said non-volatile random access storage (30) in said printer device (24);
encrypting said second key by an encryption protocol known to an authorized value metering device;
sending the encrypted second key to an authorized value metering device; and
decrypting said second key in said authorized value metering device.

3. A method according to Claim 2 including the steps of:

using the decrypted second key to convert data to be printed;
sending said data to be printed converted with said second key to said printer device (24);
deconverting said converted data to be printed in said printer device (24) with said second key to recover the data to be printed; and
printing said data.

4. A method according to Claim 2 or 3, wherein said key is changed to said second key by a pseudo-random number generator in said printer device.

5. A method according to Claim 1, 2, 3 or 4, wherein said processor (28) connected to said non-volatile random access storage (30) is provided in said printing device (24).

6. A method according to any one of the preceding claims, wherein said value printing system comprises a mailing system and said value meter device (10) comprises a postage meter and said printer device comprises a postage printer (24).

7. A printing module (24) for use in a value printing system (10, 12) for controlling the printing of value indicia wherein said system includes a value metering device (10) having a data processor (14) and storage (16), and a terminal (12) associated with said printing module (24), and means (26) for removably connecting said terminal (12) to said value metering device (10) for data communication between said value metering device and said terminal and said printing module, said printing module (24) comprising a data controlled printing mechanism (32) having securely mounted therewith a data processor (28) and a non-volatile random access storage (30) having a key stored therein.

8. A printing module according to Claim 7, wherein said data processor (28) and non-volatile random access storage (30) are integral with said printing mechanism (24).

9. A printing module according to Claim 7 or 8, wherein said data processor (28) and non-volatile storage (30) of said printing module (24) have stored therein a number generating protocol which operates on said key to produce a second key and an encryption protocol which operates on said second key to encrypt said key, said printing module (24) responding to transfer of data thereto by said terminal (12) when said terminal is connected to a metering device (10) having a second key to said encryption protocol to conduct a print cycle, said data processor (28) and nonvolatile storage (30) of said printing module (24) having also stored therein a protocol which changes said second key before another print cycle can be conducted.

10. A printing module according to Claim 7, 8 or 9, wherein said printing module (24) is incapable of executing two successive print cycles in response to the input thereto of identical data to initiate said print cycles.
11. A value printing system for controlling the printing of value indicia including a value metering module (10) having a data processor (14) and storage (16), a host terminal (12) having processing and storage capability, a connecting mechanism (26) for removably connecting said value metering module (10) to said host terminal (12) for data transfer therebetween, and a printing module (24) secured to said host terminal (12) for data communication therewith, said printing module (24) having a data controlled printing mechanism (32) including integrally therewith a data processor (28) and a non-volatile random access storage (30) having stored therein a key for initiating a print cycle and a protocol for changing said key before another print cycle can be conducted.

12. A value printing system according to Claim 11, wherein said data
processor (28) and non-volatile storage (30) of said printing module (24)
have stored therein a number generating protocol for operating on a prime
key stored in said non-volatile storage (30) to produce said changed key and
an encryption protocol for operating on said changed key to encrypt said
changed key, said printing module (24) being responsive to transfer of data
thereto by said terminal (12) when said terminal is connected to a metering
device (10) having a key to said encryption protocol to authenticate said
changed key, said encryption protocol being arranged to change said changed
key before yet another print cycle can be conducted.

13. A value printing system according to Claim 11 or 12, wherein said
printing module (24) is incapable of executing two successive print cycles
in response to the input thereto of identical data to initiate said print
cycles.

14. A value printing system according to any one of Claims 11 to 13, wherein
said value printing system (10, 12) comprises a mailing system and said
value meter module comprises a postage meter and said printer module
comprises a postage printer.

15. In a value printing system for controlling the printing of value indicia
including a value metering module (10) having a data processor (14) and
storage (16), a host terminal (12) having processing and storage capability,
a connecting mechanism (26) for removably connecting said value metering
module (10) to said host terminal (12) for data transfer therebetween, and a
printing module (24) secured to said host terminal (14) for data
communication therewith, said printing module (24) having a data controlled
printing mechanism (32), a method comprising the steps of:

    mounting integrally with said printing module (24) a data processor
    (28) and a non-volatile random access storage (30);
    storing a key in said non-volatile random access storage (30);
    performing a predetermined protocol on said key to obtain a different
    second key;
    encrypting said second key;
    communicating said encrypted second key to an authorized metering
    module;
    decrypting said second key in said metering module (10);
    authenticating said decryption in said metering module (10) to said
    printing module (24);
    conducting a printing cycle by said printing module (24) wherein data
    transferred to said printing module from said host terminal is
    printed; and
    performing a predetermined protocol on said key to obtain a different
    third key before conducting another printing cycle.

16. A method according to Claim 15, wherein said printing module (24) is
incapable of conducting two print cycles in response to input thereto of
identical data to initiate said print cycles.

17. A method according to Claim 15 or 16, wherein said protocol for
obtaining said second key comprises pseudo-random generation of a number.

18. A method according to any one of Claims 15 to 17 including the steps of:

    installing a number unique to each printing module in said module at
    manufacture; and
    using said unique number in said pseudo-random number generation
    protocol so that such number generation is unique to each printing
    module.

19. A method according to any one of Claims 15 to 18 including the steps of:
using said second key to encrypt data to be printed; transmitting said
encrypted print data to said printing module (24); decrypting said print
data in said printing module; and printing said data.

20. A method according to any one of Claims 15 to 19 including the steps of:
retrieving said key from said non-volatile random access storage (30) and
performing said protocol on said retrieved key to obtain said second key;

    storing said second key in said non-volatile random access storage
    (30); and
    retrieving said second key from said non-volatile random access
    storage (30) to encrypt said second key.
[FIG. 5, flowchart of the steps performed "at the factory": install print
head security key Ka in print head ASIC; install vault security key Kv in
vault ASIC; install print head number Nph in NVM; install encrypted print
head key {Kph}Ka in NVM; install encrypted graphics key {Kg}Ka in NVM.]

[Flowchart of print head initialization and the print session: initialize
print head graphics with graphics key; decrypt graphics with print head
security key; load and verify indicia graphics; load and verify ad slogan
graphics; load and verify font graphics; load and verify ...; decrypt print
head key with print head security key; print head outputs number and session
nonce; print head calculates session key from print head key and nonce;
vault generates print head key from Nph with print head master key; vault
calculates session key from print head key and nonce; vault sends meter
number, session nonce (and vault nonce) encrypted with session key; print
head verifies session nonce, saves meter number (and outputs vault nonce);
print head outputs indicia nonce; sends report nonce; vault encrypts piece
count, postage, (date), indicia nonce with session key; print head decrypts
piece count, postage, indicia nonce; print head and vault derive session
key; numerical data in report.]
Protocol table (M = manufacturer, P = print head, V = vault; {X}K denotes X
encrypted under key K):

THE FIRST STEPS ARE PERFORMED UNDER THE SECURITY OF THE MANUFACTURING PROCESS

1. M → P: Ka
   The print head ASIC universal key Ka is installed in the print head ASIC.
   It is essential to keep this key secret.

2. M → P: Nph
   The print head number is stored unencrypted in NVM, and is different for
   each print head, or at least for several thousand print heads.

3. M → P: {Kph}Ka
   The print head key generates the session keys. The encrypted print head
   key is stored in NVM. Kph is a function of Nph: Kph = {Nph}Kphm. Only the
   vault and the manufacturer know Kphm.

4. M → P: {Kg}Ka
   The encrypted graphics key is stored in NVM. This is probably a universal
   key, but storing it encrypted in NVM gives us the flexibility to have it
   depend on postal service, or print head, or mailing machine.

5. M → V: Kv
   A universal vault ASIC protection key is stored in the vault ASIC. It is
   essential to keep this key secret.

6. M → V: {Kphm}Kv
   The print head master key Kphm is another key that is probably universal,
   but the flexibility to change it could be valuable. Kphm should be stored
   encrypted in the vault NVM.

7. M → P: {INDICIA GRAPHICS}Kg
   The graphics signature could be either a chained DES or a CRC with a
   secret polynomial, and the result encrypted.

8. M → P: {LOCATION OF VARIABLE DATA IN THE INDICIA}Kg
   This could be part of the previous protocol step.

9. M → P: {FONT GRAPHICS}Kg
   The font graphics include a character identifier in the label.

10. M → P: {AD SLOGAN GRAPHICS}Kg
    Ad slogans must be signed by PB.

11. M → P: {PERMIT GRAPHICS}Kg
    The permit has no variable information.

12. P → V: Ns, Nph
    The print head generates a new nonce Ns for the session. The print head
    calculates the session key Ks from the nonce by decrypting Kph from NVM
    and encrypting Ns. The vault calculates Ks by encrypting Nph with Kphm.

13. V → P: {Ns, Nv, INDICIA SERIAL NUMBER}Ks
    The vault sends Nv encrypted to provide assurance that the print head is
    present. The print head verifies the encrypted Ns to verify that the
    vault is valid. The indicia serial number is sent at this point to avoid
    having to send it for each indicia. The print head decrypts the message
    and verifies Ns.

14. P → V: Nv
    The vault verifies that the print head retrieved Nv, to authenticate the
    print head. The vault and print head are now ready to print indicia. The
    session is now initialized.

15. P → V: Ni
    For each indicia the print head generates a nonce to assure that the
    indicia is fresh.

16. V → P: {Ni, PIECE COUNT, TOKENS, DATE, POSTAGE}Ks
    The vault prepares a message with the indicia information and the
    indicia nonce, encrypts it, and sends it to the print head. The print
    head verifies the encrypted indicia nonce, loads the data into the
    image, and prints the indicia.
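As an added illustration (not code from the patent or its assignee), the following Python simulation walks through steps 12 to 16 of the protocol table above with both sides' messages, and in doing so also covers the method steps of Claims 15 to 20: provisioning Kph = {Nph}Kphm into the print head NVM under Ka, deriving Ks on both sides from the session nonce, the mutual Ns/Nv check, and the per-indicium nonce that prevents identical data from printing twice. It assumes HMAC-SHA256 as a stand-in for the patent's DES-based {X}K operations, omits the tokens field of step 16, and uses constructed sample values for the print head number, indicia serial number, postage and date; the class and function names are this example's own.

```python
import hashlib
import hmac
import secrets

IV_LEN, TAG_LEN, NONCE_LEN = 8, 16, 8

def prf(key: bytes, data: bytes) -> bytes:
    """Keyed one-way function for key derivation; stands in for the table's {data}key."""
    return hmac.new(key, data, hashlib.sha256).digest()

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Randomised encrypt-then-MAC; stands in for {plaintext}key in the messages."""
    iv = secrets.token_bytes(IV_LEN)
    ks = b"".join(prf(key, b"ks" + iv + bytes([i])) for i in range(len(plaintext) // 32 + 1))
    ct = bytes(p ^ s for p, s in zip(plaintext, ks))
    return iv + ct + prf(key, b"mac" + iv + ct)[:TAG_LEN]

def unseal(key: bytes, blob: bytes) -> bytes:
    """Inverse of seal(); raises ValueError on a bad tag (wrong key or tampering)."""
    iv, ct, tag = blob[:IV_LEN], blob[IV_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(prf(key, b"mac" + iv + ct)[:TAG_LEN], tag):
        raise ValueError("authentication tag mismatch")
    ks = b"".join(prf(key, b"ks" + iv + bytes([i])) for i in range(len(ct) // 32 + 1))
    return bytes(c ^ s for c, s in zip(ct, ks))

def rejected(step, *args) -> bool:  # True if the step takes its ValueError rejection path
    try:
        step(*args)
    except ValueError:
        return True
    return False

class Vault:  # metering device (10); holds the print head master key Kphm (step 6)
    def __init__(self, kphm: bytes, serial: bytes):
        self.kphm, self.serial, self.ks, self.nv, self.piece_count = kphm, serial, None, None, 0

    def start_session(self, ns: bytes, nph: bytes) -> bytes:
        """Steps 12-13: Kph = {Nph}Kphm, Ks = {Ns}Kph, reply {Ns, Nv, serial}Ks."""
        self.ks = prf(prf(self.kphm, nph), ns)
        self.nv = secrets.token_bytes(NONCE_LEN)
        return seal(self.ks, ns + self.nv + self.serial)

    def confirm_print_head(self, nv: bytes) -> bool:
        """Step 14: echoing Nv proves the print head decrypted under the same Ks."""
        ok = self.nv is not None and hmac.compare_digest(nv, self.nv)
        self.nv = None  # one-shot challenge
        return ok

    def issue_indicium(self, ni: bytes, postage_cents: int, date: bytes) -> bytes:
        """Step 16: {Ni, piece count, postage, date}Ks (tokens omitted here)."""
        self.piece_count += 1
        body = ni + self.piece_count.to_bytes(4, "big") + postage_cents.to_bytes(4, "big") + date
        return seal(self.ks, body)

class PrintHead:  # printing module (24); ASIC key Ka plus NVM written at the factory
    def __init__(self, ka: bytes, nph: bytes, kph_encrypted: bytes):
        self.ka, self.nph, self.nvm_kph = ka, nph, kph_encrypted
        self.ks = self.ns = self.serial = self.pending_ni = None

    def begin(self) -> tuple:  # step 12: fresh Ns; Ks = {Ns}Kph with Kph decrypted from NVM under Ka
        self.ns = secrets.token_bytes(NONCE_LEN)
        self.ks = prf(unseal(self.ka, self.nvm_kph), self.ns)
        return self.ns, self.nph

    def accept_vault(self, blob: bytes) -> bytes:
        """Step 13: the echoed Ns proves the vault knows Kphm; returns Nv for step 14."""
        msg = unseal(self.ks, blob)
        ns, nv, self.serial = msg[:8], msg[8:16], msg[16:]
        if not hmac.compare_digest(ns, self.ns):
            raise ValueError("session nonce mismatch: vault not authentic")
        return nv

    def request_indicium(self) -> bytes:  # step 15: one outstanding Ni keeps each indicium fresh
        self.pending_ni = secrets.token_bytes(NONCE_LEN)
        return self.pending_ni

    def print_indicium(self, blob: bytes) -> tuple:
        """Step 16: print only if the message carries the outstanding Ni, then retire it."""
        msg = unseal(self.ks, blob)
        if self.pending_ni is None or not hmac.compare_digest(msg[:8], self.pending_ni):
            raise ValueError("stale indicium nonce: identical data cannot print twice")
        self.pending_ni = None
        return int.from_bytes(msg[8:12], "big"), int.from_bytes(msg[12:16], "big"), msg[16:]

def run_session() -> tuple:
    """Whole exchange: (head authenticated, first indicium, replay rejected, rogue vault rejected)."""
    kphm, ka = secrets.token_bytes(32), secrets.token_bytes(32)
    nph = b"PH-000042"  # constructed print head number
    head = PrintHead(ka, nph, seal(ka, prf(kphm, nph)))  # steps 1-3: Kph = {Nph}Kphm, {Kph}Ka in NVM
    vault = Vault(kphm, serial=b"METER-0007")  # constructed indicia serial number
    ns, nph = head.begin()
    head_ok = vault.confirm_print_head(head.accept_vault(vault.start_session(ns, nph)))
    blob = vault.issue_indicium(head.request_indicium(), 55, b"20240101")
    first = head.print_indicium(blob)
    replay_rejected = rejected(head.print_indicium, blob)  # identical data a second time
    rogue = Vault(secrets.token_bytes(32), serial=b"METER-9999")  # does not know Kphm
    ns, nph = head.begin()
    rogue_rejected = rejected(head.accept_vault, rogue.start_session(ns, nph))
    return head_ok, first, replay_rejected, rogue_rejected
```

Two design points carry over from the table: the print head never stores Kph in the clear (it decrypts {Kph}Ka from NVM only for the duration of deriving Ks), and freshness is enforced at the print head rather than the vault, so a message carrying a retired Ni fails even though its tag still verifies under Ks. A vault that lacks Kphm derives a different Ks and is rejected at step 13 before any indicium data is exchanged.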